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[57] ABSTRACT 

A method and means are provided for dynamically assigning 
security parameters to hypertext markup language (HTML) 
pages of an information provider on the worldwide web, 
whereby only one set of HTML pages need be stored and 
maintained for retrieval by client computers using differing 
security protocols. A security injection profile is provided 
for storing security parameters for each respective security 
protocol. When a browser enabled with a particular security 
protocol requests one of the HTML pages in the secure set, 
the page is accessed from web server storage, security 
parameters of the particular protocol are accessed and 
injected into the accessed page, and the page is sent to the 
requesting browser. 
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<to name=Home.html header=DEFAULT cryptopts=DEFAULT> 

<from name=A.html header=H1 cryptopts=C1 > 

</to> 

<to name=A.html header=DEFAULT cryptopts=DEFAULT> 
</to> 

<to name=B.html header=DEFAULT cryptopts=DEFAULT> 
<from name=Home.html header=H2 cryptopts=C2> 
</to> 

<header name=DEFAULT> 

SHTTP—Privacy-Enhancements: orig-optional=sign, encrypt 
</header> 

<cryptopts name=DEFAULT> 

SHTTP-Privacy— Enhancements: orig-optlonal=sign, encrypt 

</cryptopts> 

<cryptopts nanne=C1> 

SHTTP— Privacy-Enhancennents: orig-optional=sign,encrypt.auth; 

recv—required=sign, encrypt; 

recv— optional=sign,auth 
</cryptopts> - 
<header name=H1> 

SHTTP-Privacy-Enhancennents: orig-optional=sign,encrypt,auth; 
recv--required=sign,encrypt; 
recv-optional=sign,auth 

</header> 

<cryptopts nanne=C2> 

SHTTP— Privacy— Enhancements: orig-optional=sign, encrypt, auth; 
recv— required=sign,encrypt; 
recv— aptional=sign,auth 

</cryptopts> 
<header name=H2> 

SHTTP— Privacy— Enhancements: orig-optional=sign,encrypt,auth; 
recv-required=sign, encrypt; 
recv— optional=sign,auth 

</header> 
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DYNAMIC ASSIGNMENT OF SECURITY when it is accessed via a user browser request to a web 

PARAMETERS TO WEB PAGES server, whereby only one set of HTML pages need to stored 

for access by browsers with differing security protocols. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 5 SUMMARY OF THE INVENTION 

This invention relates to dynamically assigning security in the worldwide web system, a method and means for 

parameters to Hypertext Markup Language (HTML) pages dynamically assigning security parameters to each one of a 

of a website owner's infonmation content. secure set of Hypertext Markup Language (HTML) pages as 

2. Description of the Background Art they are accessed, comprising the steps of or means for: 
Over the past few years, the internet has experienced storing information in the form of HTML pages; 

phenomenal growth, both in the number of computers on the providing a security injection profile defining the level of 

internet and in the number ofpeople using them. Leading the security for said pages in accordance with a specific 

way in this growth is the worldwide web, and the application security protocol' 

which made this possible is the web browser a point-and- ^ ^^^^^^ ^^^^j^^ ^.^^ ^^.^ ^ ^^^^^^^ 

chckfrontcndtothemtem6t.pi^ for requesting a particular oneof the HTMLpages via 

Transfer Protocol (HTTP) made it possible to create hyper- ^ ^^^^ ,^ J.^ 

text documents mXh embedded hnks to other sites and . .... - . .. 

other documents, and the browsers enabled the average mvokmg a secunty injection program for acccssmg said 

person to "surf the Net," which was previously done only by P^g^' ^^.^ accessing the security injecUon profile to 

computer experts. Not only was the technology available, it ^t^^^^^ ^^^^^^y paramclers defined in the profile for said 

was given away for free, either by browser developers or by P^ge, and for adding said secunty parameters to 

companies providing dial-up access to the internet. ^aid accessed one page; and 

One result of the web^s rapid growth is that most web delivering said one page to the browser, 

information content is free and not secure. Almost anyone In accordance with these and other objects which will 

can access almost anything, including the files stored on web become apparent heremafter, the instant invention will now 

servers which are located outside protective firewalls. This be described with particular reference to the accompanying 

is a problem for a business which wants to set up a storefront drawings. 

on the web becai^ security is required before customers DESCRIPHON OF THE DRAWINGS 
will feel comfortable doing transactions such as processing 

a credit card purchase or an electronic funds transfer. FIG. 1 is a block diagram illustrating the web security 

New products are becoming available which add security injection flow process of the present invention, 

to web servers and browsers, and website owners must pjc 2 illustrates diagrammatically a network system in 

incorporate the new security technology. Part of this effort which the present invention may be used, 

involves modifying the Hypertext Markup Language 35 pj^. 3 ^^^^ example of a web security injection 

(HTML) that makes up the content of web pages m a way ^^g,^ ^ information provider havmg three HTML 

that is specific to the secunty technology being used. The ^ ^^^^ 

result is that site owners have to maintain multiple versions 1,,^ a- a u ^ .1. ■ ru-r»« 

of the same HTMLpages. one set of pages for each security "G. 4 is a flow chart lUustrating the accessmg of HTML 

technology supported. Also, this requires web users to obtain P»g". » mjeclmg each page with SHTTP 

new security enabled browsers to view these HTML pages. s«==""'y P^ameters before providing the page to the secunty 

As the number of security technologies increases, so too will «°*''>«'^ browser which requested the page, 

the number of browsers increase to take advantage of the DESCRIPTION OF THE PREFERRED 

advancements. This requirement to upgrade is a burden on EMBODIMENTS 
the user community, and the maintenance of multiple sets of 45 

HTML pages is a burden on website owners. Before describing the present invention in detail, a brief 

-Hie great majority of sites currently on the worldwide description of accessing documents on the worldwide web 

web do not incorporate any security measures. As new ^ made. 

products become available which support security standards Hypertext Transfer Protocol (HTTP) is an application- 
such as Secure Hypertext Transfer Protocol (SHTTP) and 50 level protocol with the lightness and speed necessary for 

Secure Sockets Layer (SSL), website owners will need to distributed, collaborative, hypermedia information systems, 

add new security technology to their web pages while not HTTP has been in use by the worldwide web global infor- 

denying access to the millions of internet users, all of whom mation initiative since 1990. 

are potential customers who have backlevel (nonsecure The HTTP protocol is based on a request/response para- 
and/or secure) browsers. It is possible but undesirable to 55 digm. A client establishes a connection with a server and 

maintain multiple sets of HTML pages, one for each type of sends a request to the server in the form of a request method, 

security protocol. This application describes a tool that Universal Resource Identifier (URL), and protocol version, 

enables a company, e.g., a website owner, to maintain a This is followed by a Multipurpose Internet Mail Extension 

single set of HTML pages which can be served to a variety (MIME) like message containing the request modifiers, 
of browsers. 60 client infonmation, and possible body content. The server 

It is therefore an important object of the present invention responds with a status line, including the message's protocol 

to provide a method and means that peniiit a worldwide web version and a success or error code, followed by a MIME- 

information provider to maintain only one set of HTML like message containing server information, entity 

pages which can be served to browsers enabled with differ- information, and possible body content, 
ing security protocols. 65 Most HTTP communication is initiated by a user agent 

It is another important object of the present invention to and consists of a request to be applied to a resource on some 

dynamically assign security parameters to an HTML page origin server. On the internet, HTTP communication gener- 
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ally takes place over Transmission Control Protocol/Internet is a "from" section for page HOME within the "to" section 

Protocol (TCP/IP) connections. The default port is TCP 80, for page B. The profile is implemented using HTML tags to 

but other ports can be used. Except for experimental be consistent with the application environment of HTML 

applications, current practice requires that the connection be pages. 

established by the client prior to each request and closed by 5 Since it is possible for every page to be both a "to" and 

the server after sending the response. Both clients and a "from" page, the potential exists for the profile to be huge, 

servers should be aware that either parly may close the in the order of N-squared where N is the number of pages, 

connection prematurely, due to user action, automated time- To avoid this problem in the preferred embodiment, defaults 

out, or program failure, and should handle such closing in a are defined for all "to" pages, and then only the "from" pages 
predictable fashion. In any case, the closing of the connec- lO that do not use the defaults need to be listed separately. This 

tion by either or both parties always terminates the current significantly reduces the number of "from" entries in the 

transaction, regardless of its status. profile. 

When a user displays a Hypertext Markup Language Security parameters are defined for each to-from combi- 

(HTML) page with their browser, it will typically contain nation. There are many types of security parameters, and for 
references (links) to other pages/sources of information. ^5 illustration purposes we have selected two: Header and 

These references are signified to the user by being high- Cryptopts. For each "to" section there must be a default 

lighted. Upon clicking on one of the references, the client Header and Cryptopts parameter set defined. For each 

browser parses a Uniform Resource Locator (URL) to "from" section within a "to" section, there may be either 

determine which internet based server it should attempt to Header or Cryptopts or both, as needed to override the 

connect to, and which URL it will be requesting from the defaults defined for the given "to" section, 
server. The client then attempts to connect to the server on Creating and modifying the profile may be done using a 

port 80. If this connection request is successful, the client simple text editor, but this can be tedious and is prone to 

sends in a request for the URL and waits for a response. typing enors. Preferably, a browser-based front end displays 

When it receives the response, the client browser renders the the contents of the profile and allows the user to modify its 

retrieved information to the user. As stated above, once the content. The profile management software is capable of 

server sends the requested information, it closes the con- creating a profile from scratch, or modifying an existing 

nection and waits for requests. The client waits for the user profile based on changes made to the set of HTML pages, 
to select another URL and the process begins again. Once all the to-from entries are defined in the profile, one 

This application describes a tool (sometimes referred to change must be made to the set of HTML pages. Wherever 

hereinafter as a security injection program means or a a URL directly requests an HTML page that is in the security 

security injection program) which allows a company, i.e., a profile, it must instead invoke a security injection Common 

website owner, to maintain a single set of HTML documents Gateway Interface (CGI) script (not shown) passing the 

which can be served to multiple types of secure browser. names of the "from" and "to" pages as parameters. This 

This is done by adding security parameters automatically script is the entry point to the security injection program, 
when a security-enabled browser makes a request. FIG. 1 diagrammatically illustrates a plurality of browsers 

First, a "security injection profile" is created, which 10-1 to 10-4 coupled to a web server 12. A security injection 

profile defines the level of security desired for a set of pages program 14 accesses HTML pages from an inforaaation 

of a company's web content. This set typically includes most provider's secure set of pages 16; and, using security param- 

of a company's HTML pages, as well as any image files that ctcrs from a security injection profile 18, the security injec- 

may be displayed on those pages. For example, the set may tion program 14 dynamicaUy assigns selected security 

be defined as all files of a given type in a certain directory, parameters to each accessed page. The accessed pages 20, 

such as web/pages/*html. To create the profile, the set of 22, 24 of differing security protocols (modified by the 

files is analyzed to determine all the hyperiinks (i.e., links) addition of their security parameters) are then given to the 

that it contains. These links include Uniform Resource web server 12 for transfer to the requesting browsers 10-1 to 

Locators (URLs) and they point to other documents or other 10-3. 

sites on the web. For the URLs of each HTML page that fink Requests firom a non-secure browser 10-4 may be pro- 

to other pages within the secure set, security parameters may cessed by stripping secure portions from an accessed HTML 

be added. Requests for pages in this set all belong to the page by providing the appropriate software in the process 

same "session" and a security context for that session can be 14. 

maintained as long as the browser remains within that secure The profile 18 includes a plurality of profile sections 18a, 

set of pages. URLs that link to pages outside the set cannot 18b, and 18c for storing security parameters for browsers 

be modified for security. enabled with SHTTP protocol, another protocol, and SSL 

In the security injection profile, for each protocol there is protocol, respectively, 
a separate section to define security parameters for each 55 FIG. 2 diagrammatically illustrates a portion of the world- 
page. Since browsers go "from" one page "to" another, there wide web in its simplest form. 

are corresponding "to" and "from" sections in the profile. Apairofconventionalnetwork(or web) servers 12 and 30 

There is a "to" section for each page which defines the are coupled to each other by way of respective network I/O 

default security parameters used when a browser goes "to" devices such as 32 and a network path 34. Each server 

that page. Within each "to" section there may be multiple includes a central processing unit (CPU) 36, a main memory 

"from" sections, one for each page which contains a URL for 38, a plurality of direct access storage devices (D ASD) 40-1 

that "to" page. to 40-n, and a diskette controller 42 receiving diskettes 44 

For example, suppose a company supports SHTTP pro- for providing data and programs to the network system, 
tocol and has three web pages, HOME, A, and B. The Network server 12 is coupled to conventional client 
resulting security injection profile (as shown in FIG. 3) 65 computers 50-1 to 50-n by way of an I/O device 52. Network 

contains three "to" sections, one for each page. Assuming server 30 is coupled to its respective client computers 54-1 

the page HOME has a URL that links to page B, then there to 54-n. 
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A web provider may leave his set of secure HTML pages 
stored in DASD 40-1 and/or DASD 40-2 to 40-n. A portion 
of the set of HTML pages could be stored in corresponding 
DASDs in the server 20. The client computers such as 50-1 
can access HTML pages throughout the entire worldwide 5 
web. 

The security injection profile 18 is also stored in DASD 
40-1 to 40-n. Each of the computers 50-1 to 50-n and 54-1 
to 54-n may be enabled with one of the browsers 10-1 to 
10-4 of FIG. 1. 10 

FIG. 3 illustrates by way of example one preferred 
embodiment of a web security injection profile 18fl storing 
security parameters Header and Cryptopts for browsers 
enabled with SHTTP security protocol. The profile 18a 
assumes that a web information provider has a set of three 
HTML pages HOME, A, and B. 

The "to" sections for page HOME, page A, and page B 
have default values for "header*' and "cryptopts" param- 
eters. The page A "from" section of the "to" section for page 
HOME has an override header setting HI and override 
cryptopts setting CI. The page HOME "from" section of the 
"to" section for page B has an override header setting H2 
and an override cryptopts setting C2. 

The profile 18^ of FIG. 3 also defines the header and 25 
cryptopts settings default, HI, H2, CI, C2. 

FIG. 4 illustrates the following steps which occur when a 
user clicks on a hyperlink to request an HTML page that 
requires security: 

1. The user clicks on a hyperlink on the page ("from" 30 
page) that he is presently viewing, block 60. 

2. The user's browser sends a message to the web server 
12 including the "to" and "from" page names and a 
hyperiink security parameter, block 62. 

3. The web server invokes the security injection program 
14 via CGI script passing the names of the "from" and 
"to" pages and the type of security used, block 64. 

4. The security injection program 14 reads the "to" page 
from a file, block 66. 

5. The program 14 fills in the default or override security 
header for that page using the Header defined in the 
profile, block 68. 

6. Next, set the default or override Cryptopts for each 
URL on the "to" page. To do this, note that once this 45 
"to" page is sent to the browser, it then becomes the 
"from" page for the next request. Therefore, determine 
the cryptopts to use by treating each URL as a future 
"to" request, and treating the current "to" page as the 
"from" page, block 70. 50 

7. Once the URLs have been modified, the injection 
process is complete, the program 14 provides the 
modified page to the server 14, and the web server 14 
then serves the security enhanced page back to the 
requesting browser, block 72. 55 

In short, when a secure page is requested by a browser that 
supports security, the injection process modifies the appro- 
priate parts of that page using the security parameters 
defined in the profile and serves it back to the browser. When 
a page is requested by a browser that does not support 60 
security, either the page is modified to remove secure 
sections or, if that is not possible, the user gets a page that 
says "a secure browser is required to view this page." 

The security injection concept described in this applica- 
tion is a general purpose technique for dynamically assign- 65 
ing security parameters to an HTML page. We illustrated 
one possible implementation using the SHTTP security 



35 



parameters Headers and Cryptopts, however the concept 
applies to other SHTTP security options as well. The secu- 
rity injection concept may be used with other security 
protocols such as Secure Sockets Layer (SSL). As future 
security protocols become available, the security injection 
technique may be employed with them as well. This can be 
done by expanding the security injection profile, adding a 
new section for each security protocol. 

A specific example of the security injection process will 
now be described. Joe Client is using his web browser to 
view internet pages. He has selected a company's home 
page. This company uses the security injection program of 
the present invention to dynamically add security parameters 
to its web pages. 

For the purposes of this example, the company has three 
pages, HOME.html, B.html, and A.html (FIG. 3). This 
example demonstrates what the security injection program 
of the present invention does when Joe moves "from" page 
HOME.html to page B.html. The same steps arc taken for 
any of this company's pages that Joe selects. 

The assumption is that the company provides at least one 
web page (the page HOME.html) that can be accessed 
directly by anyone in the internet. This page is hard coded, 
not tailored by the security injection program. This is the 
page Joe is currently viewing. It has a header which is fixed, 
and each link on the page has associated security parameters 
called cryptopts. To get to the company's other web pages, 
Joe clicks on a link which invokes the security injection 
program. The steps below describe how the security injec- 
tion program 14 dynamically assigns security parameters to 
the next page and returns it to the client. 

1. Joe is currently viewing the page HOME.html. He 
decides to click on a link that takes him to page B.html. 
Both pages belong to the company, so the security 
injection program can dynamically assign the security 
parameters on the next page (page B.html) served to 
Joe's browser. 

2. The link Joe selected on the page HOME.html specifies 
the security injection program 14 as the program to 
invoke, and passes the name of the "from" page as 
HOME.html and the "to" page as B.html. 

3. When Joe clicks on the link, his web browser sends a 
message to the company's web server 12, which 
invokes the security injection program 14, which reads 
the "from" and "to" parameters passed to it. Since the 
"to" page is B.html, the program reads page B.html 
from a file. This is a skeleton page, meaning the header 
and cryptopts have not been filled in yet. The purpose 
of the security injection program 14 is to fill these in. 

4. Setting the header; The security injection program 14 
looks in section 18fl of the security injection profile 18 
and finds the "to" section corresponding to the page 
B.html. This section of the profile contains the default 
header for the page B.html. Note that within the "to" 
section for page B.html is a "from" section for page 
HOME.html. This section specifies the header which 
overrides the default header. Since Joe came "from" 
HOME.html "to" B.html, this override section is used. 
This specifies header H2 should be used. The program 
14 then adds header H2 to the page B.html, as specified 
by the override section in the profile. 

5. Setting the cryptopts. Before the page B.html can be 
sent back to Joe's browser, the cryptopts for each link 
on page B.html must be filled in. To do this, the 
program goes back to the profile. During this process, 
the page B.html is treated as the "from" page and each 
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link on B.html as the "to" page. This is because links 
on page B.html are "from" B.html "to" some other 
page. As an illustration, assume there is a link on page 
B.html that points to page A.html. In this case, the "to" 
page is A.html and the "from" page is B.html. In the S 
profile, there is a "to" section for page A.html. This 
section specifies only default cryplopt settings for 
A.html, so these are inserted into the link forA.html on 
page B.html. If there were a "from" page B.html 
specifying an override "cryptopts" setting, this latter lO 
setting would have been inserted into the link for 

A. html on page B.html. This process repeats for each 
link on page B.html which points to a page belonging 
to the company. 

6. Now the page B.html has been tailored according to the 15 
settings in the security injection profile. Its header is 
filled in as well as the cryptopts on each link to other 
pages. Now the security injection program has com- 
pleted its job, and the page B.html is ready to be served 
back to the client. 

7. The company's web server sends the modified page 

B. html back to Joe's browser where it is displayed. 
Joe's browser treats the page according to the security 
settings defined in the header section which was filled 
in by the security injection tool. 

8. The preceding steps repeat for each "click" where Joe 
chooses one of the company's pages. 

The instant invention has been shown and described 
herein in what is considered to be the most practical and 
preferred embodiment. It is recognized, however, that depar- 
tures may be made therefrom within the scope of the 
invention and thai obvious modifications will occur to a 
person skilled in the art. 

What I claim is: 35 

1. In a computer system, a method for dynamically 
assigning security parameters to each one of a secure set of 
Hypertext Markup Language (HTML) pages as the pages 
are accessed, said method comprising the steps of: 

storing information as HTML pages; 

providing a security injection profile defining security 

parameters for said HTML pages for a plurality of 

security protocols; 
receiving a request for a particular one of the HTML 

pages from a browser enabled with one of said security 

protocols; 

retrieving said one requested HTML page; 

accessing the security injection profile to obtain the 
security parameters for said one security protocol 
defined in the security injection profile for said one 
requested HTML page; 

adding said obtained security parameters to said retrieved 
HTML page to produce a new version of the retrieved 
HTML page that conforms to said one security pro to- 55 
col; and 

delivering said new version of the retrieved HTML page 
to the browser. 

2. The method of claim 1, wherein the security protocols 
include Secure Hypertext Transfer Protocol (SHTTP), and 
the security parameters defined for SHTTP in the security 
injection profile include Header and Cryptopts. 

3. The method of claim 2, 

wherein for each of the HTML pages, the security injec- 
tion profile includes a "to" section defining default 65 
Header and Cryptopts security parameters for the 
HTML page, and 



the "to" sections in the security injection profile further 
include one "from" section for each of the HTMLpages 
that link to the HTML page corresponding to the "to" 
section if such Unking requires other Header and Cryp- 
topt security parameters to override the default Header 
and Cryptopts security parameters in the "to" section. 

4. The method of claim 1, wherein the security protocols 
include Secure Sockets Layer (SSL). 

5. In a computer network, a method for enabling a 
network information provider to maintain a single set of 
HTML pages that can be served to browsers that use 
differing security protocols, said method comprising the 
steps of: 

storing information as a set of Hypertext Markup Lan- 
guage (HTML) pages; 

providing a security injection profile defining security 
paramneters for a plurality of security protocols; 

receiving a request for a particular one of the HTML 
pages from a browser that uses one of said security 
protocols; 

retrieving said one requested HTML page; 

accessing the security injection profile to obtain the 
security parameters for said one security protocol; 

adding said obtained security parameters to said retrieved 
HTML page to produce a new version of the retrieved 
HTML page that conforms to said one security proto- 
col; and 

delivering said new version of the retrieved HTML page 
to the browser for handling in accordance with the 
added security parameters. 

6. The method of claim 5, wherein the security protocols 
include Secure Hypertext Transfer Protocol (SHTTP) and 
Secure Sockets Layer (SSL), and the security parameters 
defined for SHTTP in the security injection profile include 
Header and Cryptopts. 

7. A system coupled through a network to client comput- 
ers having differing security protocols enabled by browsers 
running thereon, said system comprising: 

storage means for storing information of a network infor- 
mation provider as a single set of Hypertext Markup 
Language (HTML) pages; 

at least one server coupled to the client computers and to 
the storage means, the web server delivering the HTML 
pages to the browsers in response to requests from the 
browsers; and 

security injection means for dynamically assigning secu- 
rity parameters to each HTML page delivered to one of 
the browsers in accordance with the security protocol 
enabled in the one browser, 
wherein said security injection means includes: 

a security injection profile defining security parameters 
for each of the HTML pages for each of the security 
protocols; 

means responsive to a request from one of the browsers 
for accessing a requested one of the HTML pages; 

means for accessing the security injection profile to 
obtain the security parameters defined in the security 
injection profile for the requested one of the HTML 
pages and the security protocol of the browser mak- 
ing the request; and 

means for injecting the accessed security parameters 
into the accessed HTML page. 

8. The system of claim 7, 

wherein for each of the HTML pages, the security injec- 
tion profile includes a "to" section defining default 
security parameters for the HTML page, and 
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the "to" sections in the security injection profile further 
include one "from" section for each of the HTML pages 
that link to the HTML page corresponding to the "to" 
section if such linking requires other security param- 
eters lo override the default security parameters in the 5 
"to" section. 

9. In a computer network that includes client computers, 
storage means for storing information as HTML pages, and 
at least one server coupled to the storing means and the 
client computers, a method for dynamically assigning secu- lO 
rity parameters to each of the HTML pages that is delivered 

to one of the client computers in accordance with a type of 
security used by the one client computer to make requests 
and to receive results, said method comprising the steps of: 
passing names of "from" and "to" pages and the type of 15 

security used by the one client computer to a security 

injection program; 
having the security injection program read from a security 

injection profile a security header parameter defined for 

the "to" page and inject the defined header into the "lo" 

page; 

having the security injection program read from the 
security injection profile a security cryptopts parameter 
for each Uniform Resource Locator (URL) associated 
with the "lo" page and set said cryptopts parameters in 
said "to" page to create a security enhanced "to" page; 
and 

sending the security enhanced "to" page to the one client 
computer, so as to allow only one set of HTML pages 30 
to be stored for retrieval by client computers using 
differing types of security. 

10. A method for dynamically assigning security param- 
eters to each one of a secure set of web pages as the web 
pages are accessed, said method comprising the steps of: 35 

storing information as web pages; 



20 



providing a security injection profile defining security 
parameters for the web pages for a plurality of security 
protocols; 

receiving a request for a particular one of the web pages 
from a client system enabled with one of the security 
protocols; 

retrieving the one requested web page; 

using the security injection profile to obtain the security 
parameters for the one security protocol defined in the 
security injection profile for the one requested web 
page; 

adding the obtained security parameters to the retrieved 
web page to produce a security enhanced version of the 
retrieved web page; and 

delivering the security-enhanced version of the retrieved 
web page to the client system. 

11. The method of claim 10, wherein the security proto- 
cols include Secure Hypertext Transfer Protocol (SHTTP), 
and the security parameters defined for SHTTP in the 
security injection profile include Header and Cryptopts. 

12. The method of claim 11, 

wherein for each of the web pages, the security injection 
profile includes a "to" section defining default Header 
and Cryptopts security parameters for the web page, 
and 

the "to" sections in the security injection profile further 
include one "from" section for each of the web pages 
that link to the web page corresponding lo the "to" 
section if such linking requires other Header and Cryp- 
topt security parameters to override the default Header 
and Cryptopts security parameters in the "to" section. 

13. The method of claim 10, wherein the security proto- 
cols include Secure Sockets Layer (SSL). 
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